Offshore virtual currency exchange sanctioned for facilitating cybercrime

OFAC has designated an entity and a Russian individual for allegedly facilitating cybercrime – press release.

• https://ofac.treasury.gov/recent-actions/20240926
• https://home.treasury.gov/news/press-releases/jy2616

Cryptex is a virtual currency exchange that is said to have received over $51.2m in funds from ransomware attacks and is associated with over $720m in transactions to services used by Russia-based cybercriminals.

• Cryptex is a virtual currency exchange registered in St. Vincent and the Grenadines under the name “International Payment Service Provider” that provides financial services to cyber criminals and operates in the financial services sector of the Russian Federation economy.
• Cryptex advertises its virtual currency services in Russia and has received over $51.2 million in funds from ransomware attacks.
• Cryptex is associated with over $720 million in transactions to services frequently used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges lacking KYC programs, and OFAC-designated virtual currency exchange Garantex.

Sergey Sergeevich Ivanov is also designated for his role as an alleged money launderer. He is said to have laundered several millions of dollars of virtual currency over the last 20 years.

• Sergey Sergeevich Ivanov is an alleged Russian money launderer who has laundered hundreds of millions of dollars’ worth of virtual currency for ransomware actors, initial access brokers, darknet marketplace vendors, and other criminal actors for approximately the last 20 years. Through various payment processing services, including one that does business under the name “UAPS,” Ivanov has served as the payment processor for various fraud shops, including OFAC-designated Genesis Market, whose website was taken down by law enforcement in 2023. Ivanov is currently associated with Cryptex. OFAC is designating Ivanov under E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy. 

In coordination with the designations, FinCEN has issued an order identifying PM2BTC as a “primary money laundering concern”. PM2BTC allegedly facilitates the laundering of virtual currency for ransomware actors.

• https://www.fincen.gov/news/news-releases/treasury-takes-coordinated-actions-against-illicit-russian-virtual-currency

OFAC’s designations follow several recent U.S. Treasury actions to combat Russia-based cyber criminals, further illustrating that Russia continues offering safe harbours to such actors. These include

• The July 19, 2024, designation of two members of the Russian hacktivist group Cyber Army of Russia Reborn;
• The May 7, 2024 designation of Dmitry Khoroshev, also known as LockBitSupp, who is a leader of the LockBit ransomware group; and
• The February 20, 2024, designation of LockBit affiliates Ivan Kondratiev and Artur Sungatov. The individual and entity designated today facilitated transactions worth hundreds of millions of dollars for cybercriminals and cybercrime services, including ransomware actors and OFAC-designated darknet market Genesis Market.